The need for higher-level reasoning capabilities beyond low-level sensor abilities has prompted researchers to use different types of sensor fusion techniques for better situational awareness in the intrusion detection environment. These techniques primarily vary in terms of their mission objectives: some prioritize alerts for alert reduction, some cluster alerts to identify common attack patterns, and some correlate alerts to identify multi-staged attacks. Each of these tasks has its own merits. Unlike previous efforts in this area, we have combined the primary tasks of sensor alert fusion, i.e., alert prioritization, alert clustering and alert correlation, into a single framework such that the individual results are used to quantify a confidence score as an overall assessment for global diagnosis of a system's security situation. In this paper, we particularly address the problem of fusing the results of alert clustering and alert correlation to determine a system's overall security health. We use a possibilistic approach to the intelligent fusion of sensor alerts in order to accommodate the imprecision and vagueness in knowledge-based reasoning. Experiments show that fusing higher-level analysis results provides further insight into the overall security situation of protected resources in the network.